From a6c6fbfb314117f47a81223f036753bc21b8bb5e Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Thu, 25 Mar 2021 13:28:31 -0400 Subject: [PATCH] Made some changes for using just the RIM Hash to pull support rims from the database to associated with the swid tag. Changed the rim hash from and int to a string. --- ...stractAttestationCertificateAuthority.java | 34 ++++++-- ...eferenceManifestDetailsPageController.java | 45 +++++------ .../data/persist/BaseReferenceManifest.java | 46 +---------- .../hirs/data/persist/ReferenceManifest.java | 78 ++++++++++++++++--- .../persist/SupportReferenceManifest.java | 20 +++++ .../persist/ReferenceManifestSelector.java | 7 +- 6 files changed, 141 insertions(+), 89 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java index 8a3361b9..ea9af574 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java @@ -94,7 +94,6 @@ import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.MGF1ParameterSpec; import java.security.spec.RSAPublicKeySpec; -import java.util.Arrays; import java.util.Calendar; import java.util.Date; import java.util.HashSet; @@ -713,7 +712,8 @@ public abstract class AbstractAttestationCertificateAuthority * @return a HIRS Utils DeviceInfoReport representation of device info */ @SuppressWarnings("methodlength") - private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) { + private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) + throws NoSuchAlgorithmException { ProvisionerTpm2.DeviceInfo dv = claim.getDv(); // Get network info 
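Review bot: The widened signature `throws NoSuchAlgorithmException` on parseDeviceInfo is not reflected in the Javadoc directly above it, which still ends at `@return`; add ` * @throws NoSuchAlgorithmException if the SHA-256 MessageDigest provider is unavailable`. Since every Java platform is required to supply SHA-256, a narrower alternative is to leave the signature as it was and wrap the digest creation in an `IllegalStateException` at the point of use, so callers are not asked to handle a condition that cannot be recovered from. The body of parseDeviceInfo continues outside the hunk.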
@@ -778,16 +778,21 @@ public abstract class AbstractAttestationCertificateAuthority String fileName = ""; Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)"); Matcher matcher; + MessageDigest messageDigest = MessageDigest.getInstance("SHA-256"); if (dv.getSwidfileCount() > 0) { for (ByteString swidFile : dv.getSwidfileList()) { try { dbBaseRim = BaseReferenceManifest.select(referenceManifestManager) .includeArchived() - .byHashCode(Arrays.hashCode(swidFile.toByteArray())) + .byHashCode(Hex.encodeHexString(messageDigest.digest( + swidFile.toByteArray()))) .getRIM(); if (dbBaseRim == null) { + /** + * This has to change, each log file can't have the same name + */ dbBaseRim = new BaseReferenceManifest( String.format("%s.swidtag", clientName), @@ -829,10 +834,14 @@ public abstract class AbstractAttestationCertificateAuthority try { support = SupportReferenceManifest.select(referenceManifestManager) .includeArchived() - .byHashCode(Arrays.hashCode(logFile.toByteArray())) + .byHashCode(Hex.encodeHexString(messageDigest.digest( + logFile.toByteArray()))) .getRIM(); if (support == null) { + /** + * This has to change, each log file can't have the same name + */ support = new SupportReferenceManifest( String.format("%s.rimel", clientName), @@ -856,6 +865,15 @@ public abstract class AbstractAttestationCertificateAuthority this.referenceManifestManager.update(support); } + // all of this has to be moved somewhere else + /** + * Because the log file we get isn't promised to be the baseline support rim. + * If it is a patch of supplemental we have to check that the baseline + * has been done + * and those entires can't become the baseline + * + * However, we don't know which log file is what until we link them to a swidtag + */ ReferenceDigestRecord dbObj = new ReferenceDigestRecord(support, hw.getManufacturer(), hw.getProductName()); // this is where we update or create the log 
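Review bot: The lookup key built here, `Hex.encodeHexString(messageDigest.digest(swidFile.toByteArray()))`, must match byte-for-byte the value `ReferenceManifest` stores as `rimHash`, yet the algorithm name and hex encoding are duplicated in this hunk rather than shared; extract a `public static String computeRimHash(final byte[] bytes)` on ReferenceManifest and call it from both the lookup and the constructor so a change on one side cannot silently break matching. Keying on a SHA-256 digest instead of `Arrays.hashCode` is the right move, because the old 32-bit value let an unrelated client-supplied swidtag land on an existing record by collision. The added `/** This has to change, each log file can't have the same name */` comments sit inside a method body in Javadoc syntax; write them as `// TODO: ...` so doc tooling does not pick them up.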
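Review bot: The added comment block before `ReferenceDigestRecord dbObj` uses Javadoc syntax inside a method body and has typos ("patch of supplemental", "entires"); rewrite it as line comments, e.g. `// TODO: move this elsewhere. The log file is not guaranteed to be the baseline support RIM;` followed by `// if it is a patch or supplemental RIM the baseline must already exist and these entries must not become the baseline,` and `// but we cannot tell which log file is which until it is linked to a swidtag.` The comment also describes an unimplemented ordering check with no tracking reference, so attach an issue number to it. The enclosing method continues outside the hunk.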
@@ -937,7 +955,13 @@ public abstract class AbstractAttestationCertificateAuthority } private Device processDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) { - DeviceInfoReport deviceInfoReport = parseDeviceInfo(claim); + DeviceInfoReport deviceInfoReport = null; + + try { + deviceInfoReport = parseDeviceInfo(claim); + } catch (NoSuchAlgorithmException noSaEx) { + LOG.error(noSaEx); + } if (deviceInfoReport == null) { LOG.error("Failed to deserialize Device Info Report"); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index f0af64ea..180e4909 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java @@ -1,5 +1,9 @@ package hirs.attestationca.portal.page.controllers; +import hirs.attestationca.portal.page.Page; +import hirs.attestationca.portal.page.PageController; +import hirs.attestationca.portal.page.PageMessages; +import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams; import hirs.data.persist.BaseReferenceManifest; import hirs.data.persist.EventLogMeasurements; import hirs.data.persist.ReferenceManifest; 
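Review bot: Catching `NoSuchAlgorithmException` in processDeviceInfo and only logging it leaves `deviceInfoReport` null, so the very next branch reports `Failed to deserialize Device Info Report`, which misstates the cause. SHA-256 is a digest every Java platform must provide, so its absence is a broken runtime rather than a recoverable input error; replace the catch body with `throw new IllegalStateException("SHA-256 MessageDigest unavailable", noSaEx);` so the cause stays attached and the misleading follow-up log does not fire. processDeviceInfo continues outside the hunk.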
@@ -10,23 +14,6 @@ import hirs.persist.CertificateManager; import hirs.persist.DBManagerException; import hirs.persist.ReferenceManifestManager; import hirs.tpm.eventlog.TCGEventLog; -import hirs.attestationca.portal.page.Page; -import hirs.attestationca.portal.page.PageController; -import hirs.attestationca.portal.page.PageMessages; -import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; -import java.util.Arrays; -import java.util.HashMap; -import java.util.LinkedList; -import java.util.List; -import java.util.ArrayList; -import java.util.Set; -import java.util.UUID; - import hirs.tpm.eventlog.TpmPcrEvent; import hirs.utils.ReferenceManifestValidator; import org.apache.logging.log4j.LogManager; @@ -37,6 +24,18 @@ import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.servlet.ModelAndView; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; +import java.util.UUID; + /** * Controller for the Reference Manifest Details page. */ 
@@ -187,16 +186,8 @@ public class ReferenceManifestDetailsPageController } else { data.put("swidCorpus", "False"); } - if (baseRim.isSwidPatch() == 1) { - data.put("swidPatch", "True"); - } else { - data.put("swidPatch", "False"); - } - if (baseRim.isSwidSupplemental() == 1) { - data.put("swidSupplemental", "True"); - } else { - data.put("swidSupplemental", "False"); - } + data.put("swidPatch", baseRim.isSwidPatch()); + data.put("swidSupplemental", baseRim.isSwidSupplemental()); data.put("swidTagId", baseRim.getTagId()); // Entity data.put("entityName", baseRim.getEntityName()); diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java index e8fefe5d..23be60c1 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java @@ -45,10 +45,6 @@ public class BaseReferenceManifest extends ReferenceManifest { @Column private int swidCorpus = 0; @Column - private int swidPatch = 0; - @Column - private int swidSupplemental = 0; - @Column private String colloquialVersion = null; @Column private String product = null; @@ -159,8 +155,8 @@ public class BaseReferenceManifest extends ReferenceManifest { setTagId(si.getTagId()); this.swidName = si.getName(); this.swidCorpus = si.isCorpus() ? 1 : 0; - this.swidPatch = si.isPatch() ? 1 : 0; - this.swidSupplemental = si.isSupplemental() ? 1 : 0; + this.setSwidPatch(si.isPatch()); + this.setSwidSupplemental(si.isSupplemental()); this.swidVersion = si.getVersion(); if (si.getTagVersion() != null) { this.setSwidTagVersion(si.getTagVersion().toString()); 
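Review bot: `data.put("swidPatch", baseRim.isSwidPatch())` now places a `Boolean` in the model where the removed code placed the strings `"True"`/`"False"`; any view or caller that compares the attribute against the literal `"True"` will now see `true`/`false` instead. If the template is not updated in this change, keep the old rendering with `data.put("swidPatch", baseRim.isSwidPatch() ? "True" : "False");` and the same for `swidSupplemental`. The surrounding method continues outside the hunk.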
@@ -475,42 +471,6 @@ public class BaseReferenceManifest extends ReferenceManifest { this.swidCorpus = swidCorpus; } - /** - * Getter for the patch flag. - * - * @return int flag for the patch flag - */ - public int isSwidPatch() { - return swidPatch; - } - - /** - * Setter for the patch flag. - * - * @param swidPatch int value - */ - public void setSwidPatch(final int swidPatch) { - this.swidPatch = swidPatch; - } - - /** - * Getter for the supplemental flag. - * - * @return int flag for the supplemental flag - */ - public int isSwidSupplemental() { - return swidSupplemental; - } - - /** - * Setter for the supplemental flag. - * - * @param swidSupplemental int value - */ - public void setSwidSupplemental(final int swidSupplemental) { - this.swidSupplemental = swidSupplemental; - } - /** * Getter for the Entity Name. * @@ -822,7 +782,7 @@ public class BaseReferenceManifest extends ReferenceManifest { return String.format("ReferenceManifest{swidName=%s," + "platformManufacturer=%s," + " platformModel=%s," - + "tagId=%s, rimHash=%d}", + + "tagId=%s, rimHash=%s}", swidName, this.getPlatformManufacturer(), this.getPlatformModel(), getTagId(), this.getRimHash()); } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java index 98c05e0d..30977b82 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java 
@@ -1,23 +1,25 @@ package hirs.data.persist; -import java.util.Arrays; -import java.util.UUID; -import javax.persistence.Access; -import javax.persistence.AccessType; -import javax.persistence.Column; -import javax.persistence.Entity; - import com.fasterxml.jackson.annotation.JsonIgnore; import com.google.common.base.Preconditions; +import org.apache.commons.codec.binary.Hex; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.hibernate.annotations.Type; +import javax.persistence.Access; +import javax.persistence.AccessType; +import javax.persistence.Column; +import javax.persistence.Entity; import javax.persistence.Table; import javax.xml.XMLConstants; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlRootElement; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; +import java.util.UUID; /** * This class represents the Reference Integrity Manifest object that will be @@ -68,7 +70,7 @@ public abstract class ReferenceManifest extends ArchivableEntity { public static final String RIM_HASH_FIELD = "rimHash"; @Column(nullable = false) @JsonIgnore - private final int rimHash; + private final String rimHash; @Column(columnDefinition = "blob", nullable = false) @JsonIgnore private byte[] rimBytes; @@ -77,6 +79,10 @@ public abstract class ReferenceManifest extends ArchivableEntity { @Column private String tagId = null; @Column + private boolean swidPatch = false; + @Column + private boolean swidSupplemental = false; + @Column private String platformManufacturer = null; @Column private String platformManufacturerId = null; 
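Review bot: Changing the persisted `rimHash` column from `int` to `String` under `@Column(nullable = false)`, and adding two `boolean` columns, is a schema change with no migration in this patch; rows already in the database hold the old 32-bit values, so `byHashCode` with a hex SHA-256 will never match a previously ingested RIM, and depending on how the schema is managed the column type change itself may fail on existing data. Document the intended upgrade path on the field, e.g. `// Lowercase hex SHA-256 of rimBytes; rows hashed with Arrays.hashCode before this change must be re-imported.`, or add a migration that recomputes the value from `rimBytes`. A 64-character hex string fits the default column length, so no `length` attribute is needed.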
@@ -96,7 +102,7 @@ public abstract class ReferenceManifest extends ArchivableEntity { protected ReferenceManifest() { super(); this.rimBytes = null; - this.rimHash = 0; + this.rimHash = ""; this.rimType = null; this.platformManufacturer = null; this.platformManufacturerId = null; @@ -118,7 +124,19 @@ public abstract class ReferenceManifest extends ArchivableEntity { "Cannot construct a RIM from an empty byte array"); this.rimBytes = rimBytes.clone(); - this.rimHash = Arrays.hashCode(this.rimBytes); + + MessageDigest digest = null; + try { + digest = MessageDigest.getInstance("SHA-256"); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } + if (digest == null) { + this.rimHash = ""; + } else { + this.rimHash = Hex.encodeHexString( + digest.digest(rimBytes)); + } } /** @@ -245,6 +263,42 @@ public abstract class ReferenceManifest extends ArchivableEntity { this.tagId = tagId; } + /** + * Getter for the patch flag. + * + * @return int flag for the patch flag + */ + public boolean isSwidPatch() { + return swidPatch; + } + + /** + * Setter for the patch flag. + * + * @param swidPatch int value + */ + public void setSwidPatch(final boolean swidPatch) { + this.swidPatch = swidPatch; + } + + /** + * Getter for the supplemental flag. + * + * @return int flag for the supplemental flag + */ + public boolean isSwidSupplemental() { + return swidSupplemental; + } + + /** + * Setter for the supplemental flag. + * + * @param swidSupplemental int value + */ + public void setSwidSupplemental(final boolean swidSupplemental) { + this.swidSupplemental = swidSupplemental; + } + /** * Getter for the associated RIM DB ID. * @return UUID for the rim 
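Review bot: Falling back to `this.rimHash = ""` when `MessageDigest.getInstance("SHA-256")` throws stores an empty key in a `nullable = false` column that `byHashCode` uses for lookups, so every RIM created under that condition would match every other one instead of failing. SHA-256 is mandated for all Java platforms, so treat its absence as fatal: in the catch write `throw new IllegalStateException("SHA-256 MessageDigest unavailable", noSaEx);` and then assign unconditionally `this.rimHash = Hex.encodeHexString(digest.digest(this.rimBytes));`, which removes the `if (digest == null)` branch and hashes the defensive copy rather than the caller's array. The constructor's remaining lines are outside the hunk.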
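Review bot: The Javadoc on the four new accessors still says `@return int flag for the patch flag` and `@param swidPatch int value` although the type is now `boolean`; change them to `@return true when the SWID tag is marked as a patch` and `@param swidPatch whether the SWID tag is a patch`, and likewise for the supplemental pair. The text was carried over from the int-typed versions removed from BaseReferenceManifest in this same patch, so this hunk is the place to correct it.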
@@ -279,13 +333,13 @@ public abstract class ReferenceManifest extends ArchivableEntity { * * @return int representation of the hash value */ - public int getRimHash() { + public String getRimHash() { return rimHash; } @Override public int hashCode() { - return getRimHash(); + return Arrays.hashCode(this.rimBytes); } @Override diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java index 51c663a2..f04de700 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java @@ -78,6 +78,26 @@ public class SupportReferenceManifest extends ReferenceManifest { setFieldValue(PLATFORM_MODEL, model); return this; } + + /** + * Specify the file name that rims should have. + * @param fileName the name of the file associated with the rim + * @return this instance + */ + public Selector byFileName(final String fileName) { + setFieldValue(RIM_FILENAME_FIELD, fileName); + return this; + } + + /** + * Specify the RIM hash associated with the support RIM. + * @param rimHash the hash of the file associated with the rim + * @return this instance + */ + public Selector byRimHash(final String rimHash) { + setFieldValue(RIM_HASH_FIELD, rimHash); + return this; + } } /** diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java index 3b363e35..0ff4bcf9 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java 
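Review bot: `getRimHash` now returns a `String` but its Javadoc still reads `@return int representation of the hash value`; change it to `@return lowercase hex SHA-256 digest of the RIM bytes`. `hashCode()` now rehashes the entire `rimBytes` blob on every call instead of returning the cached value; if `equals` (not in this hunk) compares those same bytes, `return rimHash.hashCode();` preserves the contract at constant cost. The class continues outside the hunk.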
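Review bot: `byRimHash` sets `RIM_HASH_FIELD` exactly as the inherited `byHashCode(String)` already does, so the Selector now exposes two names for the same filter; either drop `byRimHash` or have it delegate, `byHashCode(rimHash); return this;`, so there is one place where the hash filter is defined. `byFileName` depends on `RIM_FILENAME_FIELD` being widened to public in ReferenceManifestSelector in this same patch, which is worth a sentence in its Javadoc. The Selector class continues outside the hunk.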
@@ -37,8 +37,11 @@ public abstract class ReferenceManifestSelector { * String representing the database field for the model. */ public static final String PLATFORM_MODEL = "platformModel"; + /** + * String representing the database field for the filename. + */ + public static final String RIM_FILENAME_FIELD = "fileName"; private static final String RIM_TYPE_FIELD = "rimType"; - private static final String RIM_FILENAME_FIELD = "fileName"; private final ReferenceManifestManager referenceManifestManager; private final Class referenceTypeClass; @@ -100,7 +103,7 @@ public abstract class ReferenceManifestSelector { * @param rimHash the hash code of the bytes to query for * @return this instance (for chaining further calls) */ - public ReferenceManifestSelector byHashCode(final int rimHash) { + public ReferenceManifestSelector byHashCode(final String rimHash) { setFieldValue(hirs.data.persist.ReferenceManifest.RIM_HASH_FIELD, rimHash); return this; }
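Review bot: `byHashCode`'s Javadoc still says `@param rimHash the hash code of the bytes to query for`, which described the old `Arrays.hashCode` int; the argument is now a hex digest string, so write `@param rimHash lowercase hex SHA-256 digest of the RIM bytes, as stored in ReferenceManifest.rimHash`. Equality on the column is exact, so a caller that produces a different case or encoding than the constructor gets a silent lookup miss; stating the expected form on the parameter prevents that. The method name no longer matches the value it takes, but renaming it is beyond this change.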